How Responsible Should The Sponsor Be For The Outsourcing Provider's Success?

When assessing the competencies of an outsourcing service provider, sponsor companies must pay a great deal of attention to the cGMP compliance level of the provider. This is very important for four reasons:

• Regulatory enforcement – this is the obvious reason, because regulatory health agencies, most famously the FDA, see no difference between the sponsor and the supplier.
• Financial loss – if the drug is produced in a way that is deficient, the sponsor may have to recall the drug or even keep it off the market for an extended time while the deficiencies are corrected or a new outsourced CMO is found and qualified.
• Litigation – both product liability lawsuits and disgruntled investor lawsuits are on the rise; so, for instance, if a sponsor has contracted out clinical trial product production to a CMO, and the CMO has compliance problems, then a sequence of "too late to fix" issues arise:

a). First, the regulatory health agency may decline a marketing submission by saying that the trial data was unreliable as was the clinical trial production.

b). Investors now sue claiming executive incompetence, negligence, fraud, etc. (note that anyone in senior management is likely to be named personally in such lawsuits).

c). Patients who took the now "deemed unsafe" trial drug may decide to seek damages because the sponsor's quality personnel did not do their jobs to ensure the clinical drug production met minimum standards (e.g., cGMPs).

d). Finally, we can start adding in the worst case, due to litigation discovery (where the plaintiff can force sponsors to reveal publicly the sponsor's internal documents, reports, emails, presentations, and so on), more lawsuits get filed, individual personnel in the company get named, and public reputations are ruined.

• Reputations – this is the most subtle of all, but one that can often ruin careers and companies. Stories of CMOs having compliance problems don't really make headlines; the stories of the sponsors having compliance problems due to a CMO — now that makes headlines. Thus, it's the people at the sponsor company who have the most to worry about when it comes to bloggers and the press publicising the sponsor company's mistakes.

Furthermore, all firms should be cognizant of the recent recommendation that the FDA is considering, that warning letters and other regulatory enforcement actions against a CMO or CRO also be applied to the sponsor.

Should sponsors be involved in the audit process?

When it comes to the audit process, I believe it completely depends on each individual case as to whether the sponsor should be expected to be involved in the process or whether the outsourcing provider should be expected to deal solely with the audit. Let me provide three situations from three different clients of mine with three different answers:

• Client A is a small pharma company, with less than 30 personnel, who has outsourced production of their new molecule to a CMO. Client A has 1 fulltime quality person and 1 fulltime regulatory affairs person. It is not realistic to assume that they will be able to provide much assistance to the outsourced CMO especially since, given all the activities that are required to bring a new drug to market, both the quality and regulatory affairs individuals are already working 50–60 hours a week. Thus, the expectation of Client A is that the CMO would handle the regulatory agency inspection.
• Client B is a huge, multinational firm with quarterly revenues in the billions. And while it may seem that they would have the resources to help their outsourced providers, we also need to recognise that the bigger the sponsor company, the more the products, and thus the more the suppliers. Thus it may not be realistic to assume that the multi-billion dollar firm has the resource to send audit support teams toall its CMO vendors; it may have to confine its support activities to those CMOs in highrisk categories or where the sponsor can get its largest return on investment.
• Client C is a mid-sized firm just getting into the international marketplace. They have the staffing to provide an audit support team to their CMOs (two people), but do not have the knowledge or the expertise to provide their new international CMO (in Japan) with an effective audit support team. Thus, the assumption would be that they would not provide an audit support team. However, because of the business criticality of the international expansion strategy, Client C had to figure out how to support and help their CMO succeed in the inspection.

How can the sponsor help its partner pass audits?

There are a number of ways that a sponsor can help its outsourcing partner to pass its regulatory audits but first, as part of any quality or technical agreement, the sponsor needs to clarify two items:

• The ability to audit the outsourcing partner using an independent auditor, not just sponsor personnel. In this way, the sponsor can hire an independent auditing expert experienced in the type of audit the outsourced provider can expect (e.g., for a CMO in the US, the sponsor can hire a firm that conducts mock FDA audits; for a CMO in Germany, the sponsor can hire a firm that conducts mock EMA audits, etc.).
• The creation of a regulatory responsibility matrix that clarifies who — the sponsor or the outsourced provider— is responsible for what specific section of the regulation. In this way, the inspection scope can be quickly narrowed down.

Next, the sponsor may want to work with the outsourced provider to assemble a standing "audit package." This is a set of documents, such as a Site Master File, a current listing of SOPs, a copy of the summary of the most recent quality system management review, and so on, that can be given to any regulatory health agency inspector. I've found this type of default audit package, properly kept current of course, can be of much help to the sponsor, the outsourced provider, and the inspector.

Third, the sponsor should consider hiring an independent third-party to conduct a sort of "bulletproof yourself against inspections" type of corporate workshop. The key for this workshop would be to really show the outsourced provider what the inspector looks for (e.g., it's a lot less about SOPs and a lot more about looking at records — or the lack thereof — which prove compliance with SOPs and regulations), what agency inspectors use to develop their questions, have some role-play on answering inspector questions so the outsourced provider can see how it works in the real-world, and so on. I've had a number of clients tell me over the years how much just a one-day workshop on this has yielded huge dividends over years, as well as how it reduced their risks and anxieties when it came to regulatory inspections.

When issues need rectifying

So what happens when problems are identified by the sponsor during the course of the agreement? What should the sponsor be expected to do in this scenario? Naturally, it depends on the nature of the deficiencies and the business goals of the sponsor. As a simple example, a sponsor looking for justification to break a contract with an outsourced provider with whom it is unhappy may not want to help the sponsor to resolve any issues, but rather use the regulatory findings to justify finding a new outsourced provider.

That said, in general, the sponsor should expect to perform some level of help. Setting situational specifics aside, here's how I suggest my clients set about determining the level of help they will provide, or at least offer, the outsourced provider:

• If the deficiencies found deal specifically with the activities and processes contracted for (e.g., the actual production process for the sponsor's product rather than just more general CMO processes, such as training records maintenance), then the sponsor needs to offer as much help as possible. This could be sending personnel, this could be helping to hire an outside consultant (it must be borne in mind that a lot of outsourcing providers operate on tight margins and may not be able to afford an outside expert themselves), this could be working together to redesign processes, etc.
• If, on the other hand, the deficiencies are more systematic and clearly affect all of the clients of the outsourced provider (maybe the clean room gowning area is deficient or the overall training records are deficient), the sponsor will want to be more cautious about direct involvement. At this point, the focus needs to switch back to the sponsor and to find out what other controls the sponsor has in place that mitigate the risks posed by the outsourced providers deficiencies. If there are no controls, can some be put in place? If not, then the sponsor needs to step up and at least become involved through the mutual CAPA or change control review processes as spelled out in the quality/technical agreements.
• Finally, if the sponsor's personnel recognise that the outsourced provider could use some guidance on how to go about resolving any deficiencies, the sponsor should not be shy about suggesting helpful internet sites, published articles, recorded compliance seminars or even independent outside experts for the outsourced provider to consider.

John Avellanet is Managing Director and Principal of Cerulean Associates LLC.